For one of my services, I have the following accessStrategy defined in my JSON file:
---begin---
"accessStrategy" :
{
  "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
  "enabled" : true,
  "unauthorizedRedirectUrl" : "https://ssohost.mydomain.edu/cas_nowayjose/",
  "requireAllAttributes" : false,
  "ssoEnabled" : true,
  "requiredAttributes" :
  {
    "@class" : "java.util.HashMap",
    "memberOf" : [ "java.util.HashSet", [ "CN=some_cn,OU=some_subgroup,OU=some_group,DC=my_subdomain,DC=my_domain,DC=edu", "CN=some_other_cn,OU=some_subgroup,OU=some_group,DC=my_subdomain,DC=mydomain,DC=edu" ] ]
  }
}
---end---
This works nicely to redirect unauthorized users who do not belong to either of the memberOf AD groups. However, the default log settings in log4j2.xml do not provide any indication that an unauthorized user attempted to obtain a service ticket.
How can I set up my CAS (v5.2.2) instance to log failed attempts by unauthorized users to obtain a service ticket?
Carl